If I'm not mistaken, SpamAssassin awards FORGED_RCVD_HELO (OK, only 0, 0, 0, or 0.1 points, but we're talking principles here) whenever the HELO name presented by an untrusted host doesn't match either the IP address or resolved name reported by the receiving MTA, according to the text in the headers.
What I am wondering is this: Clearly it's a violation if you make something up and say HELO hotmail.com, for instance (incidentally, that's exactly what Hotmail themselves do, calling for a hard-coded(!) whitelisting by helo_forgery_whitelisted()). But if you present a FQDN that does resolve to the IP you're connecting from, I think that should be fully acceptable even if it doesn't match the reverse for your host address.

The reason is that you often don't control the RDNS for your IP and by telling the other end what *you* call your MTA you provide them with more direct contact information. Sure, spammers can provide a legitimate-looking domain with bogus whois info as a red herring, but do they bother?

In practice it may be right to treat all such mismatches alike instead of doing a forward lookup on the HELO name (but isn't that done anyway?), but am I correct in principle?

Regards,
-- Magnus Holmgren
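The distinction drawn in the message above, as an added Python example (not part of the original post and not SpamAssassin's code): it separates a HELO name that mismatches the reverse DNS but forward-resolves to the connecting IP from one that does not. The Postfix-style Received layout, the `resolve` callback and every sample host and address are assumptions constructed for illustration.

```python
import re

# Assumed Postfix-style header: "from <helo> (<rdns> [<ip>])"; rdns is "unknown" if absent.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)")

def norm(name):
    return name.strip().rstrip(".").lower()

def classify_helo(received, resolve):
    """resolve(name) -> iterable of IP strings; a hypothetical callback,
    injected so the forward lookup can be faked offline."""
    m = RECEIVED_RE.search(received)
    if not m:
        return "unparsed"
    helo, rdns, ip = norm(m["helo"]), norm(m["rdns"]), m["ip"]
    if helo.strip("[]") == ip:
        return "matches-ip"                  # IPv4 address-literal HELO
    if rdns != "unknown" and helo == rdns:
        return "matches-rdns"
    if "." not in helo:
        return "mismatch-unqualified"        # not an FQDN, nothing to look up
    if ip in set(resolve(helo)):
        return "mismatch-forward-confirmed"  # the case the post argues for
    return "mismatch-unconfirmed"            # made-up or borrowed name

# Constructed sample data (documentation address ranges and .example names).
FAKE_DNS = {
    "smtp.shop.example": ["192.0.2.20"],
    "webmail.example": ["203.0.113.5", "203.0.113.6"],
}

def fake_resolve(name):
    return FAKE_DNS.get(name, ())

SAMPLES = [
    "from mail.corp.example (mail.corp.example [192.0.2.10]) by mx.rcpt.example",
    "from smtp.shop.example (host-20.isp.example [192.0.2.20]) by mx.rcpt.example",
    "from webmail.example (unknown [198.51.100.7]) by mx.rcpt.example",
    "from [192.0.2.30] (unknown [192.0.2.30]) by mx.rcpt.example",
    "from localhost (dsl-7.isp.example [198.51.100.9]) by mx.rcpt.example",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify_helo(line, fake_resolve), "<-", line)
```

A filter that scores every mismatch alike collapses the three `mismatch-*` outcomes into one; scoring them separately costs one forward lookup per untrusted hop.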